test(e2e): Add module for minio docker container (#4578)

hashicorp · Mar 29, 2024 · cb28fe4 · cb28fe4
1 parent 55fe70e
commit cb28fe4
Show file tree

Hide file tree

Showing 6 changed files with 237 additions and 46 deletions.
diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl
@@ -174,3 +174,7 @@ module "docker_check_health" {
 module "docker_ldap" {
   source = "./modules/docker_ldap"
 }
+
+module "docker_minio" {
+  source = "./modules/docker_minio"
+}
diff --git a/enos/modules/docker_minio/init.sh b/enos/modules/docker_minio/init.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This script initializes a minio server to contain the necessary resources to test
+SOURCE=$(realpath $(dirname ${BASH_SOURCE[0]})) # get directory of this script
+
+docker pull $MINIO_CLIENT_IMAGE
+
+docker run \
+    --name minio-client \
+    --rm \
+    -e "MINIO_SERVER_CONTAINER_NAME=$MINIO_SERVER_CONTAINER_NAME" \
+    -e "MINIO_ROOT_USER=$MINIO_ROOT_USER" \
+    -e "MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD" \
+    -e "MINIO_REGION=$MINIO_REGION" \
+    -e "MINIO_BUCKET_NAME=$MINIO_BUCKET_NAME" \
+    -e "MINIO_USER_ID=$MINIO_USER_ID" \
+    -e "MINIO_USER_PASSWORD=$MINIO_USER_PASSWORD" \
+    -e "MINIO_USER_ACCESS_KEY_ID=$MINIO_USER_ACCESS_KEY_ID" \
+    -e "MINIO_USER_SECRET_ACCESS_KEY=$MINIO_USER_SECRET_ACCESS_KEY" \
+    --mount type=bind,src=$SOURCE,dst=/test \
+    --network $TEST_NETWORK_NAME \
+    --entrypoint bash \
+    $MINIO_CLIENT_IMAGE \
+    -c '
+        mc alias set miniotest http://$MINIO_SERVER_CONTAINER_NAME:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD};
+        mc admin config set miniotest region name=${MINIO_REGION};
+        mc admin service restart miniotest;
+        mc mb miniotest/${MINIO_BUCKET_NAME}
+        mc admin user add miniotest ${MINIO_USER_ID} ${MINIO_USER_PASSWORD};
+        mc admin policy create miniotest testpolicy /test/policy.json;
+        mc admin policy attach miniotest testpolicy --user ${MINIO_USER_ID};
+        echo "mc admin user svcacct add miniotest ${MINIO_USER_ID} --access-key ${MINIO_USER_ACCESS_KEY_ID} --secret-key ${MINIO_USER_SECRET_ACCESS_KEY}";
+        mc admin user svcacct add miniotest ${MINIO_USER_ID} --access-key ${MINIO_USER_ACCESS_KEY_ID} --secret-key ${MINIO_USER_SECRET_ACCESS_KEY};
+    '
diff --git a/enos/modules/docker_minio/main.tf b/enos/modules/docker_minio/main.tf
@@ -0,0 +1,160 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.0.1"
+    }
+
+    enos = {
+      source = "app.terraform.io/hashicorp-qti/enos"
+    }
+  }
+}
+
+variable "image_name_server" {
+  description = "Name of Docker Image for minio server"
+  type        = string
+  default     = "docker.mirror.hashicorp.services/minio/minio:latest"
+}
+variable "image_name_client" {
+  description = "Name of Docker Image for minio client"
+  type        = string
+  default     = "docker.mirror.hashicorp.services/minio/mc:latest"
+}
+variable "network_name" {
+  description = "Name of Docker Networks to join"
+  type        = list(string)
+}
+variable "container_name" {
+  description = "Name of Docker Container"
+  type        = string
+  default     = "minio"
+}
+variable "region" {
+  description = "AWS Region"
+  type        = string
+  default     = "us-east-1"
+}
+variable "bucket_name" {
+  description = "Name of storage bucket"
+  type        = string
+  default     = "testbucket" # this needs to match the bucket in policy.json
+}
+variable "root_user" {
+  description = "Username for minio root user"
+  type        = string
+  default     = "minio"
+}
+variable "root_password" {
+  description = "Password for minio root user"
+  type        = string
+  default     = "minioadmin"
+}
+variable "user_id" {
+  description = "Username/Access Key Id for user that can access bucket"
+  type        = string
+  default     = "testuser"
+}
+variable "user_password" {
+  description = "Password/Secret Access Key for user that can access bucket"
+  type        = string
+  default     = "password"
+}
+variable "user_access_key_id" {
+  description = "Access Key Id for user that can access bucket"
+  type        = string
+  default     = "useraccesskeyid"
+}
+variable "user_secret_access_key" {
+  description = "Secret Access Key for user that can access bucket"
+  type        = string
+  default     = "secretaccesskey"
+}
+
+data "docker_registry_image" "minio_server" {
+  name = var.image_name_server
+}
+
+resource "docker_image" "minio_server" {
+  name          = data.docker_registry_image.minio_server.name
+  pull_triggers = [data.docker_registry_image.minio_server.sha256_digest]
+  keep_locally  = true
+}
+
+resource "docker_container" "minio_server" {
+  depends_on = [
+    docker_image.minio_server
+  ]
+  image   = docker_image.minio_server.image_id
+  name    = var.container_name
+  command = ["minio", "server", "/data", "--console-address", ":9090"]
+  env = [
+    "MINIO_ROOT_USER=minio",
+    "MINIO_ROOT_PASSWORD=minioadmin",
+    "MINIO_REGION=${var.region}",
+  ]
+  ports {
+    internal = 9000
+    external = 9000
+  }
+  ports {
+    internal = 9090
+    external = 9090
+  }
+  healthcheck {
+    test     = ["CMD", "mc", "ready", "local"]
+    interval = "3s"
+    timeout  = "5s"
+    retries  = 5
+  }
+  wait = true
+  dynamic "networks_advanced" {
+    for_each = var.network_name
+    content {
+      name = networks_advanced.value
+    }
+  }
+}
+
+resource "enos_local_exec" "init_minio" {
+  depends_on = [
+    docker_container.minio_server,
+  ]
+  environment = {
+    MINIO_SERVER_CONTAINER_NAME  = var.container_name,
+    MINIO_CLIENT_IMAGE           = var.image_name_client,
+    MINIO_BUCKET_NAME            = var.bucket_name,
+    MINIO_ROOT_USER              = var.root_user,
+    MINIO_ROOT_PASSWORD          = var.root_password,
+    MINIO_USER_ID                = var.user_id,
+    MINIO_USER_PASSWORD          = var.user_password,
+    MINIO_USER_ACCESS_KEY_ID     = var.user_access_key_id,
+    MINIO_USER_SECRET_ACCESS_KEY = var.user_secret_access_key,
+    TEST_NETWORK_NAME            = var.network_name[0],
+
+  }
+  inline = ["bash ./${path.module}/init.sh \"${var.image_name_client}\""]
+}
+
+output "bucket_name" {
+  value = var.bucket_name
+}
+
+output "access_key_id" {
+  value = var.user_access_key_id
+}
+
+output "secret_access_key" {
+  value = var.user_secret_access_key
+}
+
+output "bucket_region" {
+  value = var.region
+}
+
+output "endpoint_url" {
+  value = "http://${var.container_name}:9000"
+}
diff --git a/enos/modules/docker_minio/policy.json b/enos/modules/docker_minio/policy.json
@@ -0,0 +1,19 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:ListBucket",
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject",
+        "s3:GetObjectAttributes"
+      ],
+      "Resource": [
+        "arn:aws:s3:::testbucket",
+        "arn:aws:s3:::testbucket/*"
+      ]
+    }
+  ]
+}
diff --git a/enos/modules/test_e2e_docker/main.tf b/enos/modules/test_e2e_docker/main.tf
@@ -114,48 +114,28 @@ variable "vault_port" {
   type        = string
   default     = "8200"
 }
-variable "aws_access_key_id" {
+variable "access_key_id" {
   description = "Access Key Id for AWS IAM user used in dynamic host catalogs"
   type        = string
   default     = ""
 }
-variable "aws_secret_access_key" {
+variable "secret_access_key" {
   description = "Secret Access Key for AWS IAM user used in dynamic host catalogs"
   type        = string
   default     = ""
 }
-variable "aws_host_set_filter1" {
-  description = "Filter tag for host set used in dynamic host catalogs"
-  type        = string
-  default     = ""
-}
-variable "aws_host_set_count1" {
-  description = "Number of hosts in aws_host_set_filter1"
-  type        = number
-  default     = 0
-}
-variable "aws_host_set_ips1" {
-  description = "List of IP addresses in aws_host_set_filter1"
-  type        = list(string)
-  default     = [""]
-}
-variable "aws_host_set_filter2" {
-  description = "Filter tag for host set used in dynamic host catalogs"
+variable "region" {
+  description = "AWS region where the resources will be created"
   type        = string
   default     = ""
 }
-variable "aws_host_set_ips2" {
-  description = "List of IP addresses in aws_host_set_filter2"
-  type        = list(string)
-  default     = [""]
-}
-variable "aws_region" {
-  description = "AWS region where the resources will be created"
+variable "bucket_name" {
+  description = "Storage bucket name"
   type        = string
   default     = ""
 }
-variable "aws_bucket_name" {
-  description = "AWS S3 bucket name"
+variable "bucket_endpoint_url" {
+  description = "Endpoint URL for the storage bucket"
   type        = string
   default     = ""
 }
@@ -245,8 +225,6 @@ locals {
   aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
   vault_addr               = var.vault_addr != "" ? "http://${var.vault_addr}:${var.vault_port}" : ""
   vault_addr_internal      = var.vault_addr_internal != "" ? "http://${var.vault_addr_internal}:8200" : local.vault_addr
-  aws_host_set_ips1        = jsonencode(var.aws_host_set_ips1)
-  aws_host_set_ips2        = jsonencode(var.aws_host_set_ips2)
   package_name             = reverse(split("/", var.test_package))[0]
 }
 
@@ -276,14 +254,11 @@ resource "enos_local_exec" "run_e2e_test" {
     VAULT_ADDR_INTERNAL           = local.vault_addr_internal
     VAULT_TOKEN                   = var.vault_root_token
     E2E_VAULT_ADDR                = local.vault_addr_internal
-    E2E_AWS_ACCESS_KEY_ID         = var.aws_access_key_id
-    E2E_AWS_SECRET_ACCESS_KEY     = var.aws_secret_access_key
-    E2E_AWS_HOST_SET_FILTER       = var.aws_host_set_filter1
-    E2E_AWS_HOST_SET_IPS          = local.aws_host_set_ips1
-    E2E_AWS_HOST_SET_FILTER2      = var.aws_host_set_filter2
-    E2E_AWS_HOST_SET_IPS2         = local.aws_host_set_ips2
-    E2E_AWS_REGION                = var.aws_region
-    E2E_AWS_BUCKET_NAME           = var.aws_bucket_name
+    E2E_BUCKET_NAME               = var.bucket_name
+    E2E_BUCKET_ENDPOINT_URL       = var.bucket_endpoint_url
+    E2E_BUCKET_ACCESS_KEY_ID      = var.access_key_id
+    E2E_BUCKET_SECRET_ACCESS_KEY  = var.secret_access_key
+    E2E_REGION                    = var.region
     E2E_POSTGRES_USER             = var.postgres_user
     E2E_POSTGRES_PASSWORD         = var.postgres_password
     E2E_POSTGRES_DB_NAME          = var.postgres_database_name

diff --git a/enos/modules/test_e2e_docker/test_runner.sh b/enos/modules/test_e2e_docker/test_runner.sh
@@ -22,17 +22,14 @@ docker run \
     -e "E2E_SSH_USER=$E2E_SSH_USER" \
     -e "E2E_SSH_CA_KEY=$E2E_SSH_CA_KEY" \
     -e "E2E_SSH_KEY_PATH=/keys/target.pem" \
+    -e "E2E_REGION=$E2E_REGION" \
+    -e "E2E_BUCKET_NAME=$E2E_BUCKET_NAME" \
+    -e "E2E_BUCKET_ENDPOINT_URL=$E2E_BUCKET_ENDPOINT_URL" \
+    -e "E2E_BUCKET_ACCESS_KEY_ID=$E2E_BUCKET_ACCESS_KEY_ID" \
+    -e "E2E_BUCKET_SECRET_ACCESS_KEY=$E2E_BUCKET_SECRET_ACCESS_KEY" \
     -e "VAULT_ADDR=$VAULT_ADDR_INTERNAL" \
     -e "VAULT_TOKEN=$VAULT_TOKEN" \
     -e "E2E_VAULT_ADDR=$E2E_VAULT_ADDR" \
-    -e "E2E_AWS_ACCESS_KEY_ID=$E2E_AWS_ACCESS_KEY_ID" \
-    -e "E2E_AWS_SECRET_ACCESS_KEY=$E2E_AWS_SECRET_ACCESS_KEY" \
-    -e "E2E_AWS_HOST_SET_FILTER=$E2E_AWS_HOST_SET_FILTER" \
-    -e "E2E_AWS_HOST_SET_IPS=$E2E_AWS_HOST_SET_IPS" \
-    -e "E2E_AWS_HOST_SET_FILTER2=$E2E_AWS_HOST_SET_FILTER2" \
-    -e "E2E_AWS_HOST_SET_IPS2=$E2E_AWS_HOST_SET_IPS2" \
-    -e "E2E_AWS_REGION=$E2E_AWS_REGION" \
-    -e "E2E_AWS_BUCKET_NAME=$E2E_AWS_BUCKET_NAME" \
     -e "E2E_POSTGRES_USER=$E2E_POSTGRES_USER" \
     -e "E2E_POSTGRES_PASSWORD=$E2E_POSTGRES_PASSWORD" \
     -e "E2E_POSTGRES_DB_NAME=$E2E_POSTGRES_DB_NAME" \